On Tue, 23 Mar 2004, David Woodhouse wrote:
On Tue, 2004-03-23 at 11:43 +0000, Shevek wrote:
You should NOT do unconditional SRS rewriting. You should perform it
only when expanding an alias or a .forward file or explicitly
rerouting a mail.
True. You can add other conditions here too. Like rewriting only of the
sending domain actually had an SPF record -- otherwise you're turning a
'default' result into a 'pass' for no reason. And perhaps even rewriting
only if the recipient domain is actually known to check SPF.
Putting an SRS rewrite into the "outgoing mail" stage is a bad idea.
Not necessarily. Putting an _unconditional_ SRS rewrite would be -- but
it's not a bad thing to put it into the 'outgoing mail' stage if you
still do it only under the right circumstances. And it's fairly easy to
detect those circumstances even in the output stage -- if you're sending
a mail with a sender domain which isn't local, it's being forwarded.
The whole point of this thread is that the set of conditions you propose
here is incomplete, and should include at least "and I am not the
secondary MX for the recipient". There may be other conditions. Either
way, SRS should only be performed when explicitly rewriting recipient
addresses, not just when some set of approximate conditions matches.
That is the purpose and intent of SRS. Anything else is likely to be
broken in ways such as the above.
S.
--
Shevek http://www.anarres.org/
I am the Borg. http://www.gothnicity.org/